cyber crime : incident highlights of 2011-2012
DESCRIPTION
Presentation highlighting incidents from the Web Hacking Incident Database (WHID) over the last 18 months. Incidents are taken only from WHID, a project started by the Web Application Security Consortium. Source : http://projects.webappsec.org/w/page/13246995/Web-Hacking-Incident-Database Embedded video link: http://rt.com/usa/news/anonymous-attack-video-cia-219/ (not viewable in the ppt.)
TRANSCRIPT
Nullcon 2012
International Security Conference
What is the talk about?
• Only reported incidents
• Mostly pertaining to government and corporate establishments.
What is the Talk not about?
• Unreported activities of intelligence agencies
• Data gathered by intelligence agencies
Who am I?
Hacked Industries
• Healthcare
• Automotive
• Credit Card Issuer
• Education
• Finance
• Government
• Hospitality
• Internet Service Provider
• Music
• Sports
• Search Engines
• Newspaper
• United States University
• Web 2.0
• Recruitment
• Travel
• Entertainment
• Internet Service Provider
• News
• Social Networking
Statistics
Application Weakness in the Year 2011-12
• Improper IO Handling: 25%
• Insufficient Anti-Automation: 26%
• Inefficient AAA: 7%
• Misc (IPV, ITLP, PRL etc.): 41%
Outcome in the Year 2011-12
• Defacement: 16%
• Downtime: 30%
• Leakage of Information: 27%
• Planting of Malware: 7%
• Monetary Loss: 7%
• Miscellaneous: 13%
Source : projects.webappsec.org
Statistics
Attacked Entity Field in Year 2011-12
• Government: 24%
• Education: 3%
• Entertainment: 9%
• Finance: 8%
• Technology: 20%
• Misc (Retail, ...): 36%
Attack Entity Geography Year 2011-12
• North America: 44%
• South America: 13%
• Africa: 3%
• Asia: 19%
• Europe: 17%
• Australia: 4%
Source : projects.webappsec.org
Reasons why cybercrimes occur?
Monetary
• Computer hacker tries to steal $1.8 million from Arlington's bank account
• Hackers steal $6.7M in cyber bank robbery, all this over new year break
1st April 2012
Jan 18th 2012
Reasons why cybercrimes occur?
Recognition
Hacktivism:
DOS/DDOS attacks: April 2012, February 2012, June 2011; CIA website downed by Anonymous on three occasions
Reasons why cybercrimes occur?
Political
North Korea, South Korea
Reasons why cybercrimes occur?
Geopolitical rivalry manifesting in corporate cybercrime
3rd January 2012: Saudi hackers post Israeli credit card numbers online
Intelligence: FBI partner website hacked
FBI Partner Organization Website
Dayton FBI partner website hacked
Political
Reasons why cybercrimes occur?
Defacement
Taliban Website Hacked As Afghan Cyberwar Heats
27th April 2012
Reasons why cybercrimes occur?
Fun
15-year-old arrested for hacking 259 companies (January 2012 to March 2012)
Black hat / white hat / grey hat??
Google kills Iranian blog with 3 million hacked bank accounts
Anonymous
anonymous message
to the world and CIA
who are they? “First, who is this group called Anonymous? Put simply, it is an international cabal of criminal hackers dating back to 2003, who have shut down the websites of the U.S. Department of Justice and the F.B.I. They have hacked into the phone lines of Scotland Yard. They are responsible for attacks against MasterCard, Visa, Sony and the Governments of the U.S., U.K., Turkey, Australia, Egypt, Algeria, Libya, Iran, Chile, Colombia and New Zealand. ”
—Canadian MP Marc Garneau, 2012
video :
Hacktivist Group Anonymous
Govt site taken down in censorship protest - Jun 10, 2012
Hacks in 2012
• CSLEA hack
• Occupy Nigeria
• Operation Megaupload
• Anti-ACTA activism in Europe
• Operation Russia
• Boston Police Department attacks
• Syrian Government e-mail hack
• AntiSec leak and CIA attack
• Interpol attack
• AIPAC attack
• Vatican website DDoS attacks
• Bureau of Justice leak
• Taking down Monsanto's Hungarian website
• Symantec source code leak
• April 2012 Chinese attack
• Operation Bahrain and Formula One attacks
• Occupy Philippines
• Operation India
• Operation Quebec
• Operation Japan
• Operation Anaheim
• AAPT attack
• Operation Myanmar
Case 1 Government: Tunisian Government
Date : 18 December 2010 – 14 January 2011
who: Tunisian Revolution
• 8 websites affected (including the president, prime minister, ministry of industry, ministry of foreign affairs, and the stock exchange).
• Ben Ali's administration had tightly restricted the flow of information out of Tunisia.
• Reports of civil disobedience and police action filtered out on Twitter.
• Anonymous claimed responsibility for the cyber attack (called it #OpTunisia).
• Part of #OpPayback, initially aligned with WikiLeaks (Zimbabwe), then the people of Tunisia.
• Felt the government "had unilaterally declared war on free speech, democracy, and even [its] own people".
• "Cyber attacks will persist until the Tunisian government respects all Tunisian citizens' right to free speech and information and ceases the censoring of the internet".
Case 2 Government
Date : 09/12/11
who: Congress website hacked (congress.org.in & aicc.org.in)
what (Defacement): Sonia Gandhi profile changed with one paragraph of obscene language. (Photo of Sonia Gandhi)
why: Kapil Sibal asked social media networks, including Facebook, Twitter and Google, to remove offensive material from their websites.
Interesting Fact :
Case 3 Government
Date : Dec 2010 - Jun 2011
who: 117 Govt. of India websites (NIC, Army, CBI)
Group responsible: Indian offshoot of Anonymous, PCA (well... at least reportedly; also hacked 270 other sites)
why: Retaliation for ICA's attack on 26/11/10
Interesting Fact : Indian government departments and agencies do not follow the procedures set for regular audits of the sites
Case 1 Corporate
Date : 15/01/12
who: Zappos (acquired by Amazon in 2008)
what: 24m records breached. Information including names, email addresses, billing and shipping addresses, phone numbers, the last four digits of credit card numbers, and encrypted passwords may have been exposed.
how: zero-day vulnerability
Interesting Fact :
Case 2 Corporate
Date : Till Nov 27, 2011
who: Bug in the application
how: A subscriber uses the Report/Block link that appears in the bottom right when you roll over a picture to report another subscriber's photo as pornographic. The blocking tool then asks for your help in identifying other photos that should be blocked as part of that account, which is where the bug comes in: not only were the public photos of that account presented, but private photos as well.
Output: Mark Zuckerberg's private photos started to show up across the web
Zuckerberg's Facebook Account Hacked
Case 3 Corporate
Date : 06/06/12
who: LinkedIn
how: Vulnerable front-end SQL injection (could have been sqlmap or Havij)
Outcome: According to Per Thorsheim, security analyst, a list of 6.5 million passwords appeared on a Russian forum.
• All hashed using the SHA-1 algorithm. No salting.
• No usernames or data, but could be a plan to crowd-source the cracking effort, because some unique passwords were also found.
• Many passwords; "1234LinkedIn" with SHA-1 hash is "abf26a4849e5d97882fcdce5757ae6028281192a".
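Why an unsalted SHA-1 list is so cheap to crack, and what per-user salting with a slow KDF changes, as an added example that is not part of the original talk. The user records, wordlist and password values below are constructed for the demo; the salted scheme (random 16-byte salt plus PBKDF2-HMAC-SHA256) is an assumed mitigation, not something the talk describes. The talk's own example hash can be checked by calling sha1_unsalted("1234LinkedIn").

```python
import hashlib
import hmac
import os

# Constructed demo wordlist (not from any real leak). A real cracking
# wordlist is millions of entries; the point is that the table is built once.
WORDLIST = ["password", "123456", "linkedin", "1234LinkedIn", "letmein"]


def sha1_unsalted(password):
    """The weak scheme from the LinkedIn case: bare SHA-1, no salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def build_lookup_table(words):
    """hash -> plaintext. Because there is no salt, one table serves every user."""
    return {sha1_unsalted(w): w for w in words}


def recover_unsalted(leaked, table):
    """leaked is {user: sha1_hex}; returns {user: plaintext} for every hit.
    Two users with the same password produce the same hash, so both fall at once."""
    return {user: table[h] for user, h in leaked.items() if h in table}


def hash_salted(password, salt=None, iterations=100_000):
    """Assumed mitigation: per-user random salt + PBKDF2-HMAC-SHA256.
    Returns (salt, digest); store both, the salt is not secret."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, digest


def verify_salted(password, salt, digest, iterations=100_000):
    """Recompute under the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, digest)


def demo():
    # Constructed "leak": three users, two of whom chose the same weak password.
    users = {"alice": "1234LinkedIn", "bob": "1234LinkedIn", "carol": "x9!Qz-unguessable-7rT"}
    leaked = {name: sha1_unsalted(pw) for name, pw in users.items()}
    recovered = recover_unsalted(leaked, build_lookup_table(WORDLIST))

    # Same password, salted: two users, two different stored values.
    salt_a, dig_a = hash_salted(users["alice"])
    salt_b, dig_b = hash_salted(users["bob"])

    return {
        "unsalted_identical": leaked["alice"] == leaked["bob"],
        "recovered": recovered,
        "salted_identical": dig_a == dig_b,
        "salted_verifies": verify_salted("1234LinkedIn", salt_a, dig_a),
        "salted_rejects": verify_salted("wrong", salt_a, dig_a),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, "=", v)
```

The unsalted table recovers every user who picked a wordlist entry with one lookup each, and identical hashes reveal shared passwords even before cracking. With a per-user salt the precomputed table is useless and each guess costs a full PBKDF2 run per user; the iteration count is the tunable cost.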
Case 4 Corporate
Date : 19/04/2012 (realised 7 days later)
who: Sony PlayStation, PlayStation Portable, & Qriocity (music streaming)
what:
• Supposed hacker chat logs reveal PSN security lapses
• 77m stolen names, addresses, birthdates, PSN passwords and credit card numbers
• 55m (PSN, PS3 + PlayStation Mobile) and 22m (Qriocity)
• All details stolen indicate they were in unencrypted form (against common industry practice)
Other Hacks
When: May 22nd
Who: Greece
Attack mode: SQL injection, automated
What: Hacked
Other Hacks
Article mentions that when this whole attack on Sony is over it might come to be one of the most secure web presences on the www.
When: May 24th 2012
Who: Sony Music Japan
By: Lulzsec
What: Hacked
Other Hacks
When: June 5th 2011
Who: Sony Music Brazil
By: Lulzsec
Other Hacks
When: June 6th 2012
Who: Sony Europe
By: Lebanese hacker (Idahc)
Attack mode: SQL injection
What: Stole 120 usernames, passwords and email addresses
Other Hacks
When: July 5 2011
Who: Sony Music Ireland website
By: Hackers
Other Hacks
When: January 6th 2012
Who: Sony Pictures website and FB page
What: Hacked
Other Hacks
SQL Injection Vaccination?
When: August 2012
Who: Sony
What: Hacked again
Types of Attacks in 2011
When | Who | By & How | Outcome
When: March 17, 2011
By & How: Hacked by an Advanced Persistent Threat (APT)
Outcome: Used SecurID codes they stole from the RSA break-in to hack Lockheed Martin
When: June 2, 2011
By & How: Through spear phishing used by Chinese hackers
Outcome: Gmail accounts of select members of the U.S. Government had been compromised
When: May 2011
By & How: 200,000 customer accounts were compromised by a cyber-attack. Hackers accessed account holders' names, email addresses, and account numbers
Outcome: Citi ordered new credit cards for 100,000 customers, absorbing the $2 million cost
When: June 11, 2011
By & How: Hackers used a "spear phishing" technique
Outcome: Degree of the compromise was not specified
Types of Attacks in 2012
When | Who | By & How | Outcome
When: August 2012
By & How: Hacktivist group Anonymous
Outcome: Site was unavailable; demanding freedom for WikiLeaks founder Julian Assange
When: July 12, 2012
By & How: Group of hackers used union-based SQL injection
Outcome: SQL injection retrieved 453,000 user names and passwords stored in plaintext
When: September 25, 2012
By & How: Muslim hackers launched a distributed denial-of-service attack against it
Outcome: Bank was forced to shut down the website
Interpol British Police SOCA
• Incidents will continue to happen
• Regulatory authority required to penalize non-compliance
Thank You